The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 34.0°F | Mostly Cloudy

Flaw in Kerberos System Corrected

By Dan McGuire
Associate News Editor

A flaw in version four of the Kerberos encryption system used and developed by the Institute to protect data on the campus-wide Athena Online Environment was discovered last month.

The problem has since been solved, and the new version of Kerberos is now available for download on the Internet.

The discovery was made and announced by students at the Laboratory of Computer Operations, Audit, and Security Technology at Purdue University.

Steve Lodin and Bryn Dole, two graduate students working with Professor Eugene Spafford at Purdue, discovered the flaw that would allow unauthorized users to gain access to the Kerberos' secret "tickets" in less than five minutes.

A person with the tickets of a user would be able to both send and receive e-mail and zephyrs as that person and would be able to access some of that person's files, Lodin said.

The Kerberos system, developed in the 1980s, is now being used by corporations, universities, and the government.

Number generated predictably

"Around the end of last October I was in a class called Advanced Cryptography, and we were studying Kerberos," Lodin said.

The discovery of a flaw in the popular Netscape web browser's random number generator prompted Lodin to take a closer look at Kerberos, he said. The flaw would enable people on the network to intercept and decode information, such as credit card numbers, sent over the Internet.

"I though that since Kerberos uses random numbers, I could check to see how the random numbers were generated," Lodin said.

"The random number generator was predictable. If you knew when someone logged in you could figure out the session key," said Manager of Network systems and Operations Jeffrey I. Schiller, who is one of the developers of Kerberos.

The Institute found out that there was a problem with the Kerberos system after one of the corporate sponsors of the Purdue Laboratory leaked news that the encryption system had been broken. Corporate sponsors of the lab receive reports before they are released to the general public.

"We heard that there was a problem in Kerberos" but nothing specific, so we began looking for possible problems, Schiller said.

After examining the Kerberos code, Institute researchers discovered a problem with the random number generator. The Kerberos team thought that this may be the problem and fixed it, Schiller said.

As it turned out, the problem "was what we thought it was," and MIT was able to release updated code at the time the problem was announced, Schiller said.

Flaw repaired; no impact seen

The on-campus effect of the flaw was fairly limited. "If somebody was able to determine the session key for the lifetime of the tickets [they] could masquerade as you only on the workstation you were on," Schiller said.

Which means if someone broke the encryption code of a user's session, he would have to wait until the user was done and then run over to the user's computer and log on to that workstation to take advantage of the security lapse, he said.

"I don't think this was exploited, at least on campus here," Schiller said. "It's not a particularly useful bug."

"There was a loophole sitting there, but there's no evidence that it was used by people over the time it was sitting there," said Vice President for Information Systems James D. Bruce ScD '60.

The problem was solved by inserting the correct random number generator code into the flawed version four, Bruce said. The new version five is now available for download on the Internet.